package CA;

import java.security.cert.*;
import java.security.*;
import java.util.*;
import java.io.*;

public class TigerOcsp {
    private static final String TEST_RESPONDER_URL = "http://test.ocsp.certifikat.dk/ocsp/status";
    /**
     * Sample params:
     * TDCOCESSTEST2.cer PIDTestBruger2.cer
     * @param args
     */
    public static void main(String [] args){
  
        try {
            if (args.length != 2)
                throw new Exception("TigerOcsp " + "caFile " + "certfile ");
            X509Certificate caCert = readCert(args[0]);
            X509Certificate clientCert = readCert(args[1]);
            List certList = new Vector();
            // NB: this is the correct sequence!!
            certList.add(clientCert);
            certList.add(caCert);
            validateCertPath(certList, caCert, TEST_RESPONDER_URL);
        } catch (Exception e){
            e.printStackTrace();  //To change body of catch statement use File | Settings | File Templates.
        }
    }
    
    
    
    public static void validate(X509Certificate caCert, X509Certificate clientCert){
    	  
        try {
                      
            List certList = new Vector();
            // NB: this is the correct sequence!!
            certList.add(clientCert);
            certList.add(caCert);
            validateCertPath(certList, caCert, TEST_RESPONDER_URL);
        } catch (Exception e){
            e.printStackTrace();  //To change body of catch statement use File | Settings | File Templates.
        }
    }
    
    
    private static void validateCertPath(List certList, X509Certificate trustedCert, String responderUrl) {
        try {
            // Instantiate a CertificateFactory for X.509
            CertificateFactory cf = CertificateFactory.getInstance("X.509");

            // Extract the certification path from
            // the List of Certificates
            CertPath cp = cf.generateCertPath(certList);

            // Create CertPathValidator that implements the "PKIX" algorithm
            CertPathValidator cpv = CertPathValidator.getInstance("PKIX");

            // Set the Trust anchor
            TrustAnchor anchor = new TrustAnchor(trustedCert, null);

            // Set the PKIX parameters
            PKIXParameters params = new PKIXParameters(Collections.singleton(anchor));
            params.setRevocationEnabled(true);
            // the list of additional signer certificates for populating the trust store

            Security.setProperty("ocsp.enable", "true");
            Security.setProperty("ocsp.responderURL", responderUrl);

            // Validate and obtain results
            try {
                PKIXCertPathValidatorResult result =
                        (PKIXCertPathValidatorResult) cpv.validate(cp, params);
                PolicyNode policyTree = result.getPolicyTree();
                PublicKey subjectPublicKey = result.getPublicKey();

                System.out.println("Certificate validated");
                System.out.println("Policy Tree:\n" + policyTree);
                System.out.println("Subject Public key:\n" + subjectPublicKey);

            } catch (CertPathValidatorException cpve) {
                System.out.println("Validation failure, cert["
                        + cpve.getIndex() + "] :" + cpve.getMessage());
            }

        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();  //To change body of catch statement use File | Settings | File Templates.
        } catch (InvalidAlgorithmParameterException e) {
            e.printStackTrace();  //To change body of catch statement use File | Settings | File Templates.
        } catch (CertificateException e) {
            e.printStackTrace();  //To change body of catch statement use File | Settings | File Templates.
        }
    }
    private static X509Certificate readCert(String fileName) throws FileNotFoundException, CertificateException {
        InputStream is = new FileInputStream(fileName);
        BufferedInputStream bis = new BufferedInputStream(is);
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509Certificate cert = (X509Certificate) cf.generateCertificate(bis);
        return cert;
    }
}